Archive for January, 2020

Canadian Startup Shows How 1000s Of Outlets Cover The Same Story

Posted in Commentary with tags on January 15, 2020 by itnerd
Aiming to break down echo chambers and combat polarization, a new platform launching today enables users to easily compare how sources from across the political spectrum and from around the world are covering the same news event.
At a time when many people find themselves overwhelmed and under-informed as they piece together patchwork information from social media and conflicting news sources, the Ground News Pro mobile app offers visualization and comparison tools that quickly provide users with the objective information they need to analyze, understand, and draw their own conclusions about a developing news story. Launching two weeks before the first votes are cast in the U.S. presidential race, it is the world’s first news source comparison platform, drawing from more than 40,000 news sources worldwide and featuring an average of 30,000 news stories per day.
Unlike traditional news aggregators, which utilize crowd-sourcing and algorithms that tend to reward sensational stories designed to draw clicks, Ground News Pro puts a priority on helping users understand the news based on critical data like media bias, geographic location, and time. Each media outlet is categorized based on bias data provided by Media Bias/Fact Check, AllSides.com, and The Media Bias Chart, three third-party nonprofits dedicated to monitoring and rating news sources along the political spectrum.


For any news story, users can scroll left and right to see headlines and how a story is being covered, as well as whether diverging narratives are emerging based on the bias of the outlets. A side-by-side comparison chart also allows users to quickly see if a story is receiving balanced coverage or if it is only being covered by left-leaning or right-leaning media, which can lead to increased political polarization.
Other highlights of Ground News Pro include:
  • Geographic location: Users can see whether a story has been adapted to fit a geopolitical agenda by spinning a globe to compare coverage from around the world. They can also view coverage categorized by local, national, and international media.
  • Publication date and time: Where a story originated and whether it was published by a reputable news source is critical. Ground News Pro lets users see how a story changes and evolves over time with a video that marks where and when a story was published on the globe.
Ground News Pro is available for $0.99/month or $9.99/year through the App Store and Google Play Store’s subscription services.
A mobile and web-based version of Ground News is available for free.
A free Basic version of Ground News has been in the App Store and Google Play Store for over a year and has received over 4,000 4.5 star ratings and reviews.

Canada #2 Globally When It Comes To Technology Adoption, But Falling Behind In Other Areas: Cisco

Posted in Commentary with tags on January 15, 2020 by itnerd

Today, Cisco released its 2019 Global Digital Readiness Index, measuring the digital readiness of 141 countries across seven areas, including business & government investment, technology adoption and technology infrastructure.

So how does Canada stack up? Canada ranked second in the world for Technology Adoption, coming behind only the U.S., but is falling behind in Ease of Doing Business (18th), Technology Infrastructure (18th), Business & Government Investment (20th) and Startup Environment (26th).

The strongest components of digital readiness include: “Basic Needs,” “Human Capital,” and “Technology Infrastructure.” In general, improvements in these three components will have the most impact overall on a country’s level of digital readiness.

You can find a whitepaper detailing the index here and the interactive map here.


You Can Get Microsoft’s Chrome Based Browser Today

Posted in Commentary with tags on January 15, 2020 by itnerd

About a year ago, Microsoft announced plans to move their Edge browser to Chromium, which is the open source version of Chrome. As in Google’s Chrome. While that announcement raised eyebrows pretty much everywhere, it does make sense. By using Chromium, Microsoft can simply not worry about compatibility issues and bring features to multiple platforms at the same time.

Today Microsoft announced that you can get Microsoft Edge in its new Chromium form on the following platforms:

  • Windows 10, 8.1, 8, and Windows 7. Support for Windows 7 seems a bit weird to me as support for that OS ended yesterday.
  • macOS
  • iOS
  • Android

Fun trivia fact: For Mac users, this is the first time Microsoft has put out a browser for the Mac since 2003.

You can download the new Edge browser here. My question for you is will you use the new Microsoft Chrome Edge? Leave a comment and share your thoughts please.

Surprise! Many Popular Apps Transmit Lots Of Data About You To Advertisers Without You Knowing About It

Posted in Commentary with tags on January 15, 2020 by itnerd

The Norwegian Consumer Council published an analysis of how popular apps are sharing user data with the behavioral ad industry. TechCrunch reports the findings. You might want to sit down for this:

A majority of the apps that were tested for the report were found to transmit data to “unexpected third parties” — with users not being clearly informed about who was getting their information and what they were doing with it. Most of the apps also did not provide any meaningful options or on-board settings for users to prevent or reduce the sharing of data with third parties.

“The evidence keeps mounting against the commercial surveillance systems at the heart of online advertising,” the Council writes, dubbing the current situation “completely out of control, harming consumers, societies, and businesses,” and calling for curbs to prevalent practices in which app users’ personal data is broadcast and spread “with few restraints.” 

“The multitude of violations of fundamental rights are happening at a rate of billions of times per second, all in the name of profiling and targeting advertising. It is time for a serious debate about whether the surveillance-driven advertising systems that have taken over the internet, and which are economic drivers of misinformation online, is a fair trade-off for the possibility of showing slightly more relevant ads.

“The comprehensive digital surveillance happening across the ad tech industry may lead to harm to both individuals, to trust in the digital economy, and to democratic institutions,” it also warns.

And:

The 10 apps whose data flows were analyzed for the report are the dating apps Grindr, Happn, OkCupid, and Tinder; fertility/period tracker apps Clue and MyDays; makeup app Perfect365; religious app Muslim: Qibla Finder; children’s app My Talking Tom 2; and the keyboard app Wave Keyboard.

Frankly, I am not shocked by this because you have to assume that if you install an app on your phone, the possibility of it slurping up your data and sending it to a third party exists. And it is questionable if you could stop these apps from doing that. The one thing that I will note is that this report is heavily slanted towards the Android platform because there are more Android phones out there. The report points out that this is less of a problem on iOS. Though you have to do some work to make sure that info that you don’t want sent to advertisers isn’t sent to them as the relevant settings that limit this sort of thing are not on by default. But having said that, if you run iOS 13, they do seem to be effective.

The take home message is this. Assume that you’re being tracked and your data is being sent to third parties as there is nothing to suggest that this isn’t going on.

Verizon Launches OneSearch Which They Claim Is Privacy Focused….. Yeah Right!

Posted in Commentary with tags on January 15, 2020 by itnerd

Privacy is a “thing” at the moment and I guess that Verizon sees that and wants to cash in on this trend by creating a privacy focused search engine via their Verizon Media division:

Verizon Media, the media and digital offshoot of telecommunications giant Verizon, has launched a “privacy-focused” search engine called OneSearch. With OneSearch, Verizon promises there will be no cookie tracking, no ad personalization, no profiling, no data-storing, and no data-sharing with advertisers.

With its default dark mode, OneSearch lets you know that Advanced Privacy Mode is activated. You can manually toggle this mode to the “off” position which returns a brighter interface, but with this setting deactivated you won’t have access to privacy features such as search-term encryption. With Advanced Privacy Mode on, links to search results will only be shareable for an hour, after which time they will “self-destruct” and return an error to anyone who clicks on it. More broadly, the OneSearch interface is clean and fairly familiar to anyone who has used a search engine before. But at its core, it promises to show the same search results to everyone given that it’s not tailored to the individual.

I had a look at the OneSearch privacy policy and it says that Verizon will store a user’s IP address, search query, and user agent on different servers so that it can’t draw correlations between a user’s specific location and the query that they’ve made. Another point is that it also says that it will monetize its new search engine through advertising. But the advertising won’t be based on browsing history or data that personally identifies the individual; it will only serve contextual advertisements based on each individual search.

Call me cynical, but I can’t see how OneSearch can call itself privacy focused. DuckDuckGo doesn’t collect or store any of your information. That’s true privacy as far as I am concerned, which is why I use it and not Google, Bing, or anything else. And it’s not what Verizon is doing with OneSearch, as they are collecting your information but simply storing it in different places, which nobody on the planet can consider to be privacy focused. That alone makes me gun-shy about ever using this search engine. But if you want to give it a try, OneSearch is currently available on desktop and mobile web, with mobile apps coming later this month.

The FBI Could Access The iPhones At The Center Of The Latest Apple v. FBI Fight At Any Time….. So Why Don’t They?

Posted in Commentary with tags on January 15, 2020 by itnerd

Yesterday I posted a story about the latest Apple v. FBI fight in which I called for some sort of middle ground that would stop stuff like this from happening. In the last few hours, this story has evolved.

First, US President Donald Trump took to Twitter to push for the unlocking of the iPhones that are at the center of this fight:

And at about the same time, it came to light that the iPhones at the center of this are an iPhone 5 variant and an iPhone 7 variant. Why is that important? Well, the FBI already has the ability to unlock them without needing Apple to do it for them. Whether through a company like Cellebrite, which is the company the FBI used to unlock the San Bernardino shooter’s iPhone 5C a few years ago, through a device like the ones sold by Grayshift, which the FBI allegedly already owns, or through a vulnerability called “checkm8” that is present in every iPhone up to the iPhone X, the FBI could unlock these phones at any time.

So why are the FBI and Trump demanding Apple unlock these phones? It’s simple:

  • If Apple could somehow do this, it would set a precedent and the FBI would in theory have the ability to access any iPhone. Including current models which are much harder to crack.
  • If Apple refuses then they could push Congress to create legislation to force Apple to give them the ability to access any iPhone they want by painting them as the bad guy.

The fact is that this fight isn’t about these specific iPhones, it’s as I said yesterday about being able to access any iPhone of anybody that is of interest to them. And the FBI and company are just leveraging these iPhones to get to that end goal. This has nuanced my view of this situation a bit. I still feel that there needs to be some sort of middle ground when it comes to situations like this. But this is a pretty brazen and cynical attempt to get more than a compromise when it comes to this issue. It will be interesting to see what happens when this ends up in court. Which it will.

The Latest Apple v. FBI Fight Shows That We Need A Middle Ground For Situations Like This

Posted in Commentary with tags on January 14, 2020 by itnerd

Yesterday a story hit the news that the FBI, via US Attorney General William Barr, is demanding the help of Apple to unlock the phone of a Saudi citizen who carried out a deadly shooting last month at a naval air station in Pensacola, Fla. that killed three and wounded eight.

“This situation perfectly illustrates why it is critical that the public be able to get access to digital evidence,” Mr. Barr said. He called on technology companies to find a solution and complained that Apple had provided no “substantive assistance,” a charge that the company strongly denied on Monday night, saying it had been working with the F.B.I. since the day of the shooting.

Here’s what Apple said in response:

In a statement Monday night, Apple said the substantive aid it had provided law enforcement agencies included giving investigators access to the gunman’s iCloud account and transaction data for multiple accounts.

The company’s statement did not say whether Apple engineers would help the government get into the phones themselves. It said that “Americans do not have to choose between weakening encryption and solving investigations” because there are now so many ways for the government to obtain data from Apple’s devices — many of which Apple routinely helps the government execute.

So it seems like we are headed towards another FBI v. Apple fight. But let’s be clear. What this is all about is ensuring that the FBI or any other law enforcement agency or government can access any smart phone for any reason any time they want. While I understand that the FBI among others wants to protect people from any threat that exists, I don’t believe that this gives them the right to say that the rights of citizens get overridden because of this. I say that because if you look at Attorney General Barr’s statement, he wants technology companies to “find a solution” to allow him and those underneath him to get whatever it is they want at will. And it’s safe to say that they want backdoors into iOS, Android, or whatever OS they see fit that gets them past whatever security or encryption the device in question has. Giving any government a backdoor into any OS is a bad idea as governments tend to have pretty poor track records of keeping stuff like that out of the wrong hands. Which means when the backdoor leaks out, we’re all screwed. This is on top of the potential privacy issues that could be at play.

Thus here’s my ask of everyone that is involved. Tech companies and governments need to find some sort of middle ground for situations like this. One where the needs of both sides are represented and nobody, especially you and I, loses. Because having each of them at their respective extreme ends of the spectrum isn’t working for either party. And as a result this fight will simply keep going on and on with no real resolution. Or worse yet, a government will simply take some draconian action to get what they want and inadvertently affect their citizens in a negative way. And neither of those are desirable outcomes.


Today Is One Patch Tuesday That You May Want To Take Seriously… Microsoft May Be About To Patch A Serious Flaw In Windows [UPDATED]

Posted in Commentary with tags on January 14, 2020 by itnerd

To be honest, every Patch Tuesday should be taken seriously as the bugs that are fixed on Patch Tuesday are usually exploited by hackers 24 hours later with the targets being those who have not updated on Patch Tuesday. Having said that, today’s Patch Tuesday may be more important than usual because of this discovery by Brian Krebs:

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.

According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.” The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.

A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.

If this is true, this is a big deal and you should patch all the things the second that this fix becomes available. Because based on the above description, any exploit that leverages this flaw will be serious and highly damaging. Assuming exploits aren’t already out there. I’ll update this post as soon as I get more info on this.

UPDATE: This is likely the first of many updates on this story. The NSA just held a press briefing and according to the Washington Post they confirmed that they found a flaw that matches the description that Brian Krebs reported and alerted Microsoft. That’s a major shift for the NSA as they tend not to report such flaws and instead weaponize them. That officially makes this a big deal and you should patch all your Windows computers the second this becomes available.

UPDATE #2: I posted this Tweet with a link to the Microsoft write up about this issue a few minutes ago:

But as informational as that is, what you actually want to read is the CERT document on this. I had a look and this bug is incredibly bad. This summary has all you need to know:

The Microsoft Windows CryptoAPI fails to properly validate certificates that use Elliptic Curve Cryptography (ECC), which may allow an attacker to spoof the validity of certificate chains.

In English, that means that an attacker can use a fake certificate to look at data that should be encrypted at all times. Thus I will reiterate what I said earlier in this post. As soon as the patch comes out, patch all the things.

Security Vulnerability In Millions Of Cable Modems Could Leave You Vulnerable To Pwnage By Hackers

Posted in Commentary with tags on January 13, 2020 by itnerd

Four Danish researchers have demonstrated how a hacker could exploit a vulnerability in the firmware of some cable modems and completely hijack the modem to do whatever they want. The vulnerability, which is called “Cable Haunt”, is said to be present in way over 200 million cable modems worldwide and is described in this manner by the people who found it:

Cable Haunt is a critical vulnerability found in cable modems from various manufacturers across the world. The vulnerability enables remote attackers to execute arbitrary code on your modem, indirectly through an endpoint on the modem. Your cable modem is in charge of the internet traffic for all devices on the network. Cable Haunt might therefore be exploited to intercept private messages, redirect traffic, or participate in botnets.

The vulnerable endpoint is exposed to the local network, but can be reached remotely due to improper websocket usage. Through malicious communication with this endpoint, a buffer overflow can be exploited to gain control of the modem.

The one thing that these cable modems have in common is that all the affected modems use Broadcom designed firmware. And updates to said firmware will be needed to close this vulnerability. The researchers note that there are presently no known attacks in the wild. But with the release of this report and the demonstration of how to exploit it, that is likely to change. Thus you have to hope that you haven’t been affected. To test if you could be vulnerable, there is a test script that you could run, but it’s not something that I would direct the general public to. Thus I am hoping that a more “user friendly” way to test for this vulnerability appears. That way it increases the pressure on ISPs and modem manufacturers to get on with fixing this.
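The researchers’ description above names two weaknesses without detailing either: the endpoint is meant for the local network but “can be reached remotely due to improper websocket usage”, and “malicious communication” with it triggers a buffer overflow. The example below is added here and is not the researchers’ test script or any vendor’s firmware code. It shows, in Python, the two checks a defender would expect a local-network websocket endpoint to make: an Origin allow-list on the handshake (a browser sets Origin itself and page script cannot change it, so this is what keeps a page served from elsewhere from driving the endpoint through a browser sitting on the local network; assuming that this is the form the improper usage takes), and a hard bound on a frame’s declared payload length before any bytes are copied. The origins, the size limit, the `/admin` path and all sample messages are constructed for this example.

```python
import base64
import hashlib
import struct

# RFC 6455 GUID appended to the client's key to derive Sec-WebSocket-Accept.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

# Hypothetical policy for a management endpoint meant only for the device's own
# admin pages; both the origins and the size limit are constructed for this example.
ALLOWED_ORIGINS = {"http://192.168.100.1", "http://modem.local"}
MAX_PAYLOAD = 4096  # hard bound on one frame, enforced before any copy


def parse_handshake(raw: bytes) -> dict:
    """Split the HTTP/1.1 upgrade request into method, target and lower-cased headers."""
    lines = raw.partition(b"\r\n\r\n")[0].decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers}


def check_handshake(raw: bytes, allowed_origins=ALLOWED_ORIGINS):
    """Return (True, Sec-WebSocket-Accept value) or (False, reason)."""
    try:
        req = parse_handshake(raw)
    except ValueError:
        return False, "malformed request line"
    h = req["headers"]
    if req["method"] != "GET" or h.get("upgrade", "").lower() != "websocket":
        return False, "not a websocket upgrade"
    tokens = [t.strip().lower() for t in h.get("connection", "").split(",")]
    if "upgrade" not in tokens or h.get("sec-websocket-version") != "13":
        return False, "bad Connection or Sec-WebSocket-Version header"
    key = h.get("sec-websocket-key", "")
    try:
        if len(base64.b64decode(key, validate=True)) != 16:
            raise ValueError
    except ValueError:  # binascii.Error is a ValueError subclass
        return False, "bad Sec-WebSocket-Key"
    # Origin is set by the browser, not by page script: an allow-list here is the
    # check that keeps a page served from elsewhere from using the victim's browser
    # as a path onto the local-network endpoint.
    origin = h.get("origin")
    if origin not in allowed_origins:
        return False, f"origin not allowed: {origin!r}"
    accept = base64.b64encode(hashlib.sha1((key + WS_GUID).encode()).digest()).decode()
    return True, accept


def declared_length(frame: bytes):
    """Read the payload length from a client frame header (RFC 6455 s5.2); returns (length, offset)."""
    if len(frame) < 2:
        raise ValueError("truncated frame header")
    if not frame[1] & 0x80:
        raise ValueError("client frames must be masked")
    length, offset = frame[1] & 0x7F, 2
    if length == 126:
        offset, fmt = 4, "!H"
    elif length == 127:
        offset, fmt = 10, "!Q"
    else:
        return length, offset
    if len(frame) < offset:
        raise ValueError("truncated extended length")
    return struct.unpack(fmt, frame[2:offset])[0], offset


def read_frame(frame: bytes, max_payload=MAX_PAYLOAD) -> bytes:
    """Unmask one client frame, refusing on the declared length alone if it exceeds max_payload."""
    length, offset = declared_length(frame)
    if length > max_payload:
        # Decide from the header: a fixed-size receive buffer must never be asked
        # to take more than it holds, whatever bytes happen to follow.
        raise ValueError(f"declared payload {length} exceeds limit {max_payload}")
    mask, payload = frame[offset:offset + 4], frame[offset + 4:offset + 4 + length]
    if len(mask) != 4 or len(payload) != length:
        raise ValueError("truncated frame")
    return bytes(b ^ mask[i % 4] for i, b in enumerate(payload))


def make_client_frame(payload: bytes, mask: bytes = b"\x01\x02\x03\x04") -> bytes:
    """Build a masked text frame the way a browser client would (for the constructed samples)."""
    n = len(payload)
    if n < 126:
        header = bytes([0x81, 0x80 | n])
    elif n < 0x10000:
        header = bytes([0x81, 0x80 | 126]) + struct.pack("!H", n)
    else:
        header = bytes([0x81, 0x80 | 127]) + struct.pack("!Q", n)
    return header + mask + bytes(b ^ mask[i % 4] for i, b in enumerate(payload))


# Constructed samples: a handshake from the admin page, the same one from an unrelated
# site, a small frame, and a frame header that claims a 1 MiB payload.
GOOD_HANDSHAKE = (b"GET /admin HTTP/1.1\r\nHost: 192.168.100.1\r\n"
                  b"Upgrade: websocket\r\nConnection: Upgrade\r\n"
                  b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
                  b"Sec-WebSocket-Version: 13\r\nOrigin: http://192.168.100.1\r\n\r\n")
CROSS_ORIGIN_HANDSHAKE = GOOD_HANDSHAKE.replace(b"http://192.168.100.1\r\n\r\n", b"http://example.invalid\r\n\r\n")
SMALL_FRAME = make_client_frame(b"hello")
OVERSIZED_HEADER = bytes([0x81, 0xFF]) + struct.pack("!Q", 1 << 20) + b"\x01\x02\x03\x04"

if __name__ == "__main__":
    print(check_handshake(GOOD_HANDSHAKE))          # (True, 's3pPLMBiTxaQ9kYGzzhZRbK+xOo=')
    print(check_handshake(CROSS_ORIGIN_HANDSHAKE))  # (False, "origin not allowed: 'http://example.invalid'")
    print(read_frame(SMALL_FRAME))                   # b'hello'
    try:
        read_frame(OVERSIZED_HEADER)
    except ValueError as err:
        print("rejected:", err)
```

The two checks are deliberately independent: the Origin allow-list decides who may open the socket at all, and the length bound decides what an already-open socket may deliver, so a slip in one does not remove the other. The accept value for the sample key is the one given in RFC 6455 itself, which is a quick way to confirm the handshake arithmetic is right.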


If You Haven’t Patched Your Citrix Application Delivery Controller and Unified Gateway, You Might Already Be Pwned By Hackers

Posted in Commentary with tags , on January 13, 2020 by itnerd

Last month Citrix disclosed a critical security hole (CVE-2019-19781) in both its Application Delivery Controller and Unified Gateway (formerly known as NetScaler ADC and NetScaler Gateway). What’s bad about this security hole is that thousands of systems planet-wide were thought to be at risk. BadPackets found a staggering 25,000 of them without really trying too hard yesterday.

Well, if you haven’t patched this, then you might be in trouble. Researchers have now publicly shared working exploit code for the remote takeover bug. The proof-of-concept code can be used to trivially achieve arbitrary code execution with no account credentials. Which of course is bad. But what is worse is that attacks have apparently already begun. Which means that as I type this, you might already be pwned by hackers. Thus I would suggest that if you have a Citrix Application Delivery Controller and Unified Gateway, you might want to put down that coffee and check to see if you’re protected from this. And if you aren’t, I’d be applying patches ASAP. Plus I’d be taking a look at your IT infrastructure to see if the bad guys are already in and setting up shop.